Total
5279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8267 | 1 Dovestones | 1 Ad Self Password Reset | 2016-11-28 | 7.5 HIGH | 10.0 CRITICAL |
| The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords via a crafted request with a valid username. | |||||
| CVE-2015-7792 | 1 Corega | 1 Cg-wlbargs Firmware | 2016-11-28 | 10.0 HIGH | 9.8 CRITICAL |
| Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors. | |||||
| CVE-2015-7442 | 1 Ibm | 2 Installation Manager, Packaging Utility | 2016-11-28 | 6.2 MEDIUM | 7.0 HIGH |
| consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse program that is located in /tmp with a name based on a predicted PID value. | |||||
| CVE-2015-7425 | 1 Ibm | 2 Tivoli Storage Flashcopy Manager For Vmware, Tivoli Storage Manager For Virtual Environments Data Protection For Vmware | 2016-11-28 | 10.0 HIGH | 10.0 CRITICAL |
| The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.4 allows remote attackers to obtain administrative privileges via a crafted URL that triggers back-end function execution. | |||||
| CVE-2015-6861 | 1 Eucalyptus | 1 Eucalyptus | 2016-11-28 | 4.6 MEDIUM | 7.5 HIGH |
| HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requirement and assume an IAM role by leveraging a policy setting for a user's account. | |||||
| CVE-2015-6417 | 1 Cisco | 1 Videoscape Distribution Suite Service Manager | 2016-11-28 | 6.5 MEDIUM | N/A |
| Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025. | |||||
| CVE-2015-5723 | 3 Debian, Doctrine-project, Zend | 10 Debian Linux, Annotations, Cache and 7 more | 2016-11-28 | 7.2 HIGH | 7.8 HIGH |
| Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code. | |||||
| CVE-2015-5515 | 1 Views Bulk Operations Project | 1 Views Bulk Operations | 2016-11-28 | 4.9 MEDIUM | N/A |
| The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x before 7.x-3.3 for Drupal, when the bulk operation for changing Roles is enabled, allows remote authenticated users to edit user accounts and add arbitrary roles to the accounts by leveraging access to a user account listing view with VBO enabled. | |||||
| CVE-2015-5509 | 1 Administration Views Project | 1 Administration Views | 2016-11-28 | 6.0 MEDIUM | N/A |
| The Administration Views module 7.x-1.x before 7.x-1.4 for Drupal, when used with other unspecified modules, does not properly grant access to administration pages, which allows remote administrators to bypass intended restrictions via unspecified vectors. | |||||
| CVE-2015-5496 | 1 Pass2pdf Project | 1 Pass2pdf | 2016-11-28 | 5.0 MEDIUM | N/A |
| The pass2pdf module for Drupal does not restrict access to generated PDF files, which allows remote attackers to obtain user passwords via unspecified vectors. | |||||
| CVE-2015-5511 | 1 Hybridauth Social Login Project | 1 Hybridauth Social Login | 2016-11-28 | 5.0 MEDIUM | N/A |
| The HybridAuth Social Login module 7.x-2.x before 7.x-2.13 for Drupal allows remote attackers to bypass the user registration by administrator only configuration and create an account via a social login. | |||||
| CVE-2015-5434 | 1 Hp | 87 Jc072b Hp 12500 Main Processing Unit, Jc085a Hp A12518 Switch Chassis, Jc086a Hp A12508 Switch Chassis and 84 more | 2016-11-28 | 6.4 MEDIUM | 6.5 MEDIUM |
| HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping." | |||||
| CVE-2015-5005 | 1 Ibm | 2 Aix, Powerha System Mirror | 2016-11-28 | 8.5 HIGH | N/A |
| CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote authenticated users to perform an "su root" action by leveraging presence on the cluster-wide password-change list. | |||||
| CVE-2015-4532 | 1 Emc | 1 Documentum Content Server | 2016-11-28 | 9.0 HIGH | N/A |
| EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2514. | |||||
| CVE-2015-4545 | 1 Emc | 1 Isilon Onefs | 2016-11-28 | 9.0 HIGH | 8.0 HIGH |
| EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account and establishing a login session. | |||||
| CVE-2015-4531 | 1 Emc | 1 Documentum Content Server | 2016-11-28 | 9.0 HIGH | N/A |
| EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4622. | |||||
| CVE-2015-3244 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2016-11-28 | 4.9 MEDIUM | N/A |
| The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted resources, which allows remote attackers to obtain sensitive information via a URL with a modified resource ID. | |||||
| CVE-2015-2984 | 1 Iodata | 2 Wn-g54\/r2, Wn-g54\/r2 Firmware | 2016-11-28 | 5.0 MEDIUM | N/A |
| I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. | |||||
| CVE-2015-1946 | 1 Ibm | 2 Websphere Application Server, Websphere Virtual Enterprise | 2016-11-28 | 4.4 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2015-1156 | 1 Apple | 2 Iphone Os, Safari | 2016-11-28 | 4.3 MEDIUM | N/A |
| The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via a crafted web site. | |||||